Details of VAR-202103-0766

ID

VAR-202103-0766

CVE

CVE-2021-1469

TITLE

Cisco Jabber Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004755

DESCRIPTION

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Jabber Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco Jabber for Windows is a set of unified communication client solutions for Windows platform developed by Cisco. The program provides online status display, instant messaging, voice and other functions

Trust: 1.8

sources: NVD: CVE-2021-1469 // JVNDB: JVNDB-2021-004755 // VULHUB: VHN-374523 // VULMON: CVE-2021-1469

AFFECTED PRODUCTS

vendor:	cisco	model:	jabber	scope:	gte	version:	12.7.0	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.9.0	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.1.5	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.7.4	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.8.5	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.8.0	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.6.0	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.5.4	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.6.5	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.5.0	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.9.5	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco jabber	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004755 // NVD: CVE-2021-1469

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1469
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1469
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-1469
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202103-1406
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374523
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1469
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1469
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374523
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1469
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1469
baseSeverity:	CRITICAL
baseScore:	9.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1469
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374523 // VULMON: CVE-2021-1469 // JVNDB: JVNDB-2021-004755 // CNNVD: CNNVD-202103-1406 // NVD: CVE-2021-1469 // NVD: CVE-2021-1469

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-170	Trust: 1.0
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374523 // JVNDB: JVNDB-2021-004755 // NVD: CVE-2021-1469

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1406

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202103-1406

PATCH

title:	cisco-sa-cisco-jabber-PWrTATTC	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC	Trust: 0.8
title:	Cisco Jabber for Windows Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=145708	Trust: 0.6
title:	Cisco: Cisco Jabber Desktop and Mobile Client Software Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cisco-jabber-PWrTATTC	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/cisco-addresses-critical-bug-in-windows-macos-jabber-clients/	Trust: 0.1

sources: VULMON: CVE-2021-1469 // JVNDB: JVNDB-2021-004755 // CNNVD: CNNVD-202103-1406

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1469	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-004755	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.1010	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-1406	Trust: 0.6
db:	VULHUB	id:	VHN-374523	Trust: 0.1
db:	VULMON	id:	CVE-2021-1469	Trust: 0.1

sources: VULHUB: VHN-374523 // VULMON: CVE-2021-1469 // JVNDB: JVNDB-2021-004755 // CNNVD: CNNVD-202103-1406 // NVD: CVE-2021-1469

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cisco-jabber-pwrtattc	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1469	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.1010	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/170.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.bleepingcomputer.com/news/security/cisco-addresses-critical-bug-in-windows-macos-jabber-clients/	Trust: 0.1

sources: VULHUB: VHN-374523 // VULMON: CVE-2021-1469 // JVNDB: JVNDB-2021-004755 // CNNVD: CNNVD-202103-1406 // NVD: CVE-2021-1469

SOURCES

db:	VULHUB	id:	VHN-374523
db:	VULMON	id:	CVE-2021-1469
db:	JVNDB	id:	JVNDB-2021-004755
db:	CNNVD	id:	CNNVD-202103-1406
db:	NVD	id:	CVE-2021-1469

LAST UPDATE DATE

2024-11-23T21:50:57.050000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374523	date:	2022-10-21T00:00:00
db:	VULMON	id:	CVE-2021-1469	date:	2021-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-004755	date:	2021-11-29T09:16:00
db:	CNNVD	id:	CNNVD-202103-1406	date:	2022-10-28T00:00:00
db:	NVD	id:	CVE-2021-1469	date:	2024-11-21T05:44:25.653

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374523	date:	2021-03-24T00:00:00
db:	VULMON	id:	CVE-2021-1469	date:	2021-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-004755	date:	2021-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202103-1406	date:	2021-03-24T00:00:00
db:	NVD	id:	CVE-2021-1469	date:	2021-03-24T20:15:15.900